Hey @friedger, thank you for taking the lead on this!
I don’t think there’s a standard way to do this yet. Why not just add a URL field for
manfest and a field for
mobile for now? You might also want to consider adding a
manifest_signature field which should contain the signature of the
manifest.json for the app (which the authenticator would use to validate the manifest).
Yes, I believe so – the manifest.json always contains the start_url. That said, I would highly recommend adding a
manifest_signature field to the app profile, which the authenticator can use to authenticate the manifest.json once loaded.
Regarding authenticating the manifest.json, there’s a couple ways to do this. The simplest way I can think of is just treating the manifest.json as a byte stream, and signing its digest with the same key that owns the profile. A slightly more complicated way to do this (but probably better in the long term) is for the Blockstack app
claim section to contain a manifest signing public key, which would get used instead to authenticate the manifest.json. If you wanted to remain as close to the DID specs as possible, you’d encode the public key as an object which identifies the type of public key as well as the public key itself (e.g.
The manifest url in the blockstack profile uses an old school domain name. The next step is to use ipfs or so. Can runkod provide some decentralized storage solution without DNS? How to best use gaia without DNS?
api sections of a “@Person” Blockstack profile already support using raw IP addresses for referencing a Gaia hub, so you don’t have to use DNS if you don’t want to.